You say Kah-say-ah, I say Kuy-see-ya, let’s call the whole thing off

Just to clarify all the things, here is what you should take away from the REvil Kaseya exploit:

Kaseya was working on a patch for a properly disclosed vulnerability and doing everything right until someone else found out there was a vulnerability and then it was all over.

We don’t have proof the exploit was leaked/stolen. 

This was not a supply chain attack from Kaseya’s perspective. This was a midstream supply chain attack hitting Kaseya’s distributors—the managed service providers. So, it wasn’t burned in at the factory, it was installed after shipping (to borrow an NSA Playset metaphor). From the point of view of the end customers, it was still a supply chain attack, because it happened before it got to them.

It is probably not a great thing to have a product that only works if you exclude where it works from malware protection. Windows already has enough built-in tools that can be turned to evil purposes; we don’t need more.

There is no way that REvil is planning on directly handling all the “customers” this attack created. They’re just laughing their asses off. 

If Dharma is the McDonald’s of ransomware, REvil is the Amazon: they have “contractors” who deliver, but they’re the ones who collect the money. They’ve been particularly salty since Biden got pissed over the Brazilian meatpacking fiasco (that just happened to be a multinational meatpacking fiasco), and they’re putting BLACK LIVES MATTER *AND* dtrump4ever in their payloads just to super-troll. They’ve been doing that for months. And then they throw away a zero-day on a one-fer instant ransomware all-you-can-encrypt buffet like a micro-NotPetya. Don’t think that them dropping this ransomware buffet on everybody’s 4th of July party is a coincidence.
